The Presentations

The Agony and the Ecstasy of .NET Application Exploitation


This talk will cover the current state of .NET security/exploitation, using real-world examples ranging from application-level vulnerabilities to framework bugs. Additionally, I will discuss .NET security features and how to bypass them, including bypassing strong-name signing, including the GAC. Then, I will provide a short demo on how to modify the behavior of the .NET framework through DLL byte patching. Finally, I will discuss defensive programming practices which can be used to guard against .NET vulnerabilities.

Performing Open Heart Surgery on a Furby

Michael Coppola

No product has fueled more nightmares in children than the satanic toy known only as the Furby. Recent Furbies have received significant upgrades from their predecessors, sporting features such as LCD eyes, interaction with mobile devices, and a new communication method rivaling that of #badBIOS itself.

This talk will dive into the world of hardware hacking, as applied to this demonic toy. We'll discuss various techniques to reverse engineer and instrument the hardware, including identifying unknown chips, dumping memory, and sniffing data buses. We'll also plunge into the world of chip decapping (the art of boiling chips in corrosive acid), discuss different methods of analyzing dies, and apply basic IC reversing techniques.

Choose your own Cryptographic Adventure

Ben Agre

We're going to play a 'choose your own adventure' through a cryptographic adventure. Just like the 'find your fate' books of yesteryear, there will be a very long slide deck and the audience will dictate what they want to hear about. The slide deck will have things such as how basic primitives work, some underpinnings, as well as general design and greatest hits of cryptographic screw-ups.

The Automated Exploitation Grand Challenge

Julien Vanegue

In the last few years, interest in automated exploitation has surged from both academic and industry circles. So far, most research has focused on restricted exploit models where mitigations are disabled or very limited. The purpose of this talk is to define the challenges ahead for security researchers who want to tackle full model exploit generation where modern mitigations are considered. As is often the case, the key to solving such a hard problem lies in tackling simpler problems and combining results. We hereby formalize a list of eleven central problems in automated vulnerability discovery and exploitation and discuss strategies to solve them. A few tools are presented to help researchers in this journey.